Hallo,

ich habe ein Problem mit einem SUSE 10 Enterprise Server SP2 uns SSH.

Ich bekomme vom Internet aus, folgende Meldung wenn ich mich versuche zu connecten im message Logfile.


Apr 20 14:02:51 schriften kernel: martian source 192.168.88.7 from 89.123.111.123, on dev eth0
Apr 20 14:02:51 schriften kernel: ll header: 60:0e:0c:5e:12:2e:02:90:7f:3c:8c:f0:08:00



Wenn ich aus dem internen Netz komme, funktioniert SSH super. Die Firewall habe ich abgeschaltet, hatte aber auch keine Besserung gebracht.

Kann mir wer helfen.

und wo ist der Fehler ?

Das wenn ich über wenn das Internet komme mich nicht einloggen kann und dann das im log finde.

Deine (uns unbekannte) Netzwerkkonfiguration ist falsch...

bitte die netzwerkconfig, die config vom sshd und die logs vom sshd entsprechend deines fehlers posten. und dann noch die ausgabe von /bin/brain :scnr:

die config vom sshd und die logs vom sshd

Wird nix nützen, da die entsprechenden Pakete schon vom Kernel verworfen werden (martian source). Es sieht nach kaputten NAT aus, aber ohne Infos...

Oha, wusste nicht was martian source bedeutet. Entschuldige meine unwissenheit. mal kurz /bin/brain anwerfen :ugly:

einmal die sshd_config



# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Protocol 2,1
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no


# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL


ssh schreib kein eigenes Log



cat /etc/sysconfig/network/config
## Path: Network/Hardware/Config
## Description: Set some general network configuration
## Type: string("","-","+")
## Default: "+"
## ServiceRestart: network
#
# DEFAULT_BROADCAST is used when no individual BROADCAST is set. It can get one
# of the following values:
# "" : don't set a broadcast address
# "-" : use IPADDR with all host bits deleted
# "+" : use IPADDR with all host bits set
DEFAULT_BROADCAST="+"

## Type: yesno
## Default: yes
# sometimes we want some script to be executed after an interface has been
# brought up, or before an interface is taken down.
# default dir is /etc/sysconfig/network/if-up.d for POST_UP and
# /etc/sysconfig/network/if-down.d for PRE_DOWN
# Note: if you use NetworkManager then down scripts will be called after the
# interface is down and not before.
GLOBAL_POST_UP_EXEC="yes"
GLOBAL_PRE_DOWN_EXEC="yes"

## Type: yesno
## Default: no
# If ifup should check if an ip address is already in use, set this to yes.
# Make sure that packet sockets (CONFIG_PACKET) are supported in the kernel,
# since this feature uses arping, which depends on that.
# Also be aware that this takes one second per interface; consider that when
# setting up a lot of interfaces.
CHECK_DUPLICATE_IP="no"

## Type: yesno
## Default: no
# Switch on/off debug messages for all network configuration stuff. If set to no
# most scripts can enable it locally with "-o debug".
DEBUG="no"

## Type: yesno
## Default: yes
# All error and info messages from network and hardware configuration scripts go
# to stderr. Most tools that call sysconfig scripts (udev, rcnetwork, scpm,
# YaST) catch these messages and can log them. So some messages appear twice in
# syslog. If you don't like that, then set USE_SYSLOG=no.
USE_SYSLOG="yes"

## Type: yesno
## Default: yes
# There are some services (ppp, ippp, dhcp-client, pcmcia, hotplug) that have to
# change the /etc/resolv.conf dynamically at certain times. E.g. if ppp/ippp
# establishes a connection and is supplied by the peer with a list of
# nameservers. Or pcmcia needs to set the correct nameserver for the choosen
# configuration scheme. If you don't like these services to change
# /etc/resolv.conf at all, then set this variable to "no".
# If unsure, leave it at the default (which is "yes").
#
MODIFY_RESOLV_CONF_DYNAMICALLY="yes"

## Type: yesno
## Default: no
# Like MODIFY_RESOLV_CONF_DYNAMICALLY, except it modifies /etc/named.conf.
# If unsure, leave it at the default (which is "no").
#
MODIFY_NAMED_CONF_DYNAMICALLY="no"

## Type: string
## Default: ""
# If you need a special nameserver that should always be prepended to the list
# of dynamically changed nameservers, you may add it here.
#
MODIFY_RESOLV_CONF_STATIC_DNS=""

# Handling of network connections
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# These features are designed for the convenience of the experienced
# user. If you encounter problems you don't understand then switch
# them off. That is the default.
# Please do not complain if you get troubles. But if you want help to
# make them smarter write to <http://www.suse.de/feedback>.

## Type: yesno
## Default: no
#
# If you are interested in the connections and nfs mounts that use a
# network interface, you can set CONNECTION_SHOW_WHEN_IFSTATUS="yes".
# Then you will see them with 'ifstatus <interface>' (or 'ifstatus
# <config>')
# This one _should_ never harm ;)
#
CONNECTION_SHOW_WHEN_IFSTATUS="no"

## Type: yesno
## Default: no
#
# If an interface should be set down only if there are no active
# connections, then use CONNECTION_CHECK_BEFORE_IFDOWN="yes"
#
CONNECTION_CHECK_BEFORE_IFDOWN="no"

## Type: yesno
## Default: no
#
# If these connetions (without the nfs mounts) should be closed when
# shutting down an interface, set CONNECTION_CLOSE_BEFORE_IFDOWN="yes".
# WARNING: Be aware that this may terminate applications which need
# one of these connections!
#
CONNECTION_CLOSE_BEFORE_IFDOWN="no"

## Type: yesno
## Default: no
#
# If you are a mobile laptop user and like even nfs mounts to be
# closed when you leave your current workplace, then set
# CONNECTION_UMOUNT_NFS_BEFORE_IFDOWN="yes". This does only work
# if CONNECTION_CLOSE_BEFORE_IFDOWN="yes", too.
# WARNING: Be aware that this may terminate applications which use
# these nfs mounts as working directory. Be very carefull if your home
# is mounted via nfs!!!
# WARNING: This may even lead to hanging ifdown processes if there are
# processes that could not be terminated. If you are using
# hotpluggable devices (pcmcia, usb, firewire), first shut them down
# before unplugging!
#
CONNECTION_UMOUNT_NFS_BEFORE_IFDOWN="no"

## Type: yesno
## Default: no
#
# If terminating processes that use a connection or nfs mount is not
# enough, then they can be killed after an unsuccesfull termination.
# If you want that set CONNECTION_SEND_KILL_SIGNAL="yes"
#
CONNECTION_SEND_KILL_SIGNAL="no"

## Type: string
## Default: ""
#
# Here you may specify which interfaces have to be up and configured properly
# after 'rcnetwork start'. rcconfig will return 'failed' if any of these
# interfaces is not up. You may use interface names as well but better use
# hardware descriptions of the devices (eth-id-<macaddress> or eth-bus-... See
# man ifup for 'hardware description'). The network start script will wait for
# these interfaces, but not longer as set in WAIT_FOR_INTERFACES.
# You need not to add dialup or tunnel interfaces here, only physical devices.
# The interface 'lo' is always considered to be mandatory and can be omitted.
#
# If this variable is empty, rcnetwork tries to derive the list of mandatory
# devices automatically from the list of existing configurations. Configurations
# with names bus-pcmcia or bus-usb or with STARTMODE=hotplug are skipped. (try
# '/etc/init.d/rc5.d/S*network start -o debug fake | grep MANDAT')
MANDATORY_DEVICES=""

## Type: integer
## Default: 20
#
# Some interfaces need some time to come up or come asynchronously via hotplug.
# WAIT_FOR_INTERFACES is a global wait for all mandatory interfaces in
# seconds. If empty no wait occurs.
#
WAIT_FOR_INTERFACES="20"

## Type: yesno
## Default: yes
#
# With this variable you can determine if the SuSEfirewall when enabled
# should get started when network interfaces are started.
FIREWALL="yes"

## Type: string
## Default: "eth*[0-9]|tr*[0-9]|wlan[0-9]|ath[0-9]"
#
# Automatically add a linklocal route to the matching interfaces.
# This string is used in a bash "case" statement, so it may contain
# '*', '[', ']' and '|' meta-characters.
#
LINKLOCAL_INTERFACES="eth*[0-9]|tr*[0-9]|wlan[0-9]|ath[0-9]"

## Type: string
## Default: "-f -I"
#
# Set default options for ifplugd. You may also set them in an ifcfg-* file
# individually. Have a look at 'man ifplug' for details. We let ifplugd set the
# interface UP when starting, because there are many interfaces where link beat
# cannot be detected otherwise. If you want the interface to stay down then add
# the option '-a'. If you like ifplugd to beep on cable (un)plug, remove '-b'.
#
IFPLUGD_OPTIONS="-f -I -b"

## Type: yesno
## Default: yes
#
# Forces all interfaces eth* ath* wlan* and ra* to be persistent via udev.
# See /usr/share/doc/packages/sysconfig/README.Persistent_Interface_Names
# for details.
#
FORCE_PERSISTENT_NAMES=yes

## Type: yesno
## Default: no
#
# Instead of the usual network setup (now called 'NetControl') you may also use
# 'NetworkManager' to control your interfaces.
#
# NetControl is what you were used to in SUSE Linux up to now. It has a wide
# range of configurations means for setting up any number of different virtual
# and real interfaces. It should be used if you:
# - want a static network setup
# - have many interfaces
# - need VLAN, bonding, bridging, multiple IP addresses
# - must restrict network control to root
# It may also switch interfaces automatically, but lacks a usable GUI for normal
# users.
#
# NetworkManager lets the user control interfaces and switches automatically if
# network interfaces lose/gain physical connection. It should be used if you:
# - move between networks frequently
# - want a GUI for network control
# Especially on mobile computers that use mainly one wired and one wireless
# interface NetworkManager will please you.
#
# If you are used to SCPM then you might probably stay with NetControl. But at
# least try NetworkManager, because it can replace SCPM in some usage scenarios.
#
NETWORKMANAGER=no

## Type: int
## Default: 0
#
# When using NetworkManager you may define a timeout to wait for NetworkManager
# to connect. Other network services may require the system to have a valid
# network setup in order to succeed.
#
# This variable has no effect if NETWORKMANAGER=no
#
NM_ONLINE_TIMEOUT="0"

## Type: yesno
## Default: yes
#
# When using NetworkManager you may want to trigger special actions when an
# interface comes up. NetworkManagerDispatcher is a daemon that listens to
# dbus-messages that tell that an interface is up/down and triggers whatever
# you like. Read more about it in the manpage to NetworkManagerDispatcher.
#
# This variable has no effect if NETWORKMANAGER=no
#
NM_DISPATCHER=yes




Hoffe das ist alles

hm, schon min. 2 Leute, die google nicht kennen :-)

Hoffe das ist alles

Nein, wie sieht dein Netzwerk aus?

Das Problem ist gelöst.

Es liegt am verwaltungsmodus der Netzwerkkarte.